Forums

General Betting

Welcome to Live View – Take the tour to learn more
Start Tour
There is currently 1 person viewing this thread.
WPlay
22 Aug 11 08:42
Joined:
Date Joined: 23 Jun 08
| Topic/replies: 3,029 | Blogger: WPlay's blog
I logged in this morning to find my balance was zero.. So I thought there were some kind of site problems.. Than I checked my account and evrything was lost on pioker. Checked my security and someone logged in to my account form the UK.. I live in the Netherlands.. 1500 euro's are gone. Send an inquiry to Betfair hoping the can help me out.
has abnyone ever faced this? I'm completely in shock..
Pause Switch to Standard View ACCOUNT HACKED
Show More
Loading...
Report Chilly the Dog August 22, 2011 11:29 AM BST
It will be fairly clear if the money has been passed across poker accounts to someone else. If I were you, I'd change your password to something new, and good. 10 characters: letters, numbers and not based on a real word.
Report Mr.Angry August 22, 2011 11:35 AM BST
Contact Betfair immediately.
bf_fanatic may be able to help too.
Report Ghetto Joe August 22, 2011 1:35 PM BST
Surely it's about time betfair started taking the security side of things a bit more serious, they even removed the option to deny logins from outside your own country for some reason.

Threads like these pop up every now and then but nothing ever seems to be done Cry
Report misselephantstone August 22, 2011 2:08 PM BST
I also got hacked 3 weeks ago,first time they used my funds to bet with and won £3,000 approx then found an obscure market and bet with an accomplice to transfer the money to a seperate account.
When i logged in the next day (using gruss) my account was the excact same amount as the previous day, later on that evening after I had logged out they cleared me out using an icelandic football market of £4,000 approx so I logged in and had a balance of 54pence. Luckily I reported it within the 12 hour window and betfair`s fraud dept managed to recover £3,300.I still cant believe it happened and still cant work out how, by the way i am in the U>K and this happened in europe. since then I have been trying to think of ways to make my account safer ,apart from the obvious, but I feel Betfair are not extremely helpful regarding this.
Report hazel August 22, 2011 2:47 PM BST
missle' thats worrying.  in a forum chat last year betfair did promise to improve security logon.   

Maybe "betfair community manager 2" might read this thread and give some feedback.  I understand he is good for getting feedback.
Report inner city sumo August 22, 2011 2:48 PM BST
Mr.Angry
22 Aug 11 11:35 Joined: 05 Jan 11 | Topic/replies: 695 | Blogger: Mr.Angry's blog
Contact Betfair immediately.
bf_fanatic may be able to help too.

Laugh
Report Betfair Community Manager 2 August 22, 2011 2:53 PM BST
Hi Hazel

I've been watching this thread and ensuring that it is also seen by those looking into this.

If I can offer anything useful by way of feedback, I'll definitely do so.
Report hazel August 22, 2011 2:57 PM BST
Betfair community manager 2 that is quick.

Your good reputation is well deserved.
Report misselephantstone August 22, 2011 3:03 PM BST
It has basically forced me to check my account statement and "my security" log ins day & night.Even when I have a non gambling day I log in to make sure nothing untoward has happened.
Obviously password changes have become the norm rather than the exception.
I asked Betfair if I could set a daily loss limit of £1,000 to give me slightly better protection but was informed this was not possible.
I find it unsettling that I can log in & out from the U.k but a few hours later someone can log in from mainland Europe and "play" around with my funds,surely there could be procedures in place for this not to happen,alas to no avail.
I use one computer for all my betting, can something be put in place to prevent another ip address from accessing my account,again to no avail.
I suppose the best way would be I transfer in & out funds each day but this does not suit my needs and I preferred to keep a high four figure or low five figure amount to do my daily betting.At the moment I have cut this down purely through paranoia.
Report bf_fananatic August 22, 2011 3:22 PM BST
The probable culprit is spy-ware as there are a lot of nasty apps that invest computers and
do a process known as key logging, this means every time you login to anything the app will
log your cookie history along with your key presses.

Please make sure you use a good anti-spy ware program along with anti-virus software
also use a firewall to prevent others from having access to your computer.
Report misselephantstone August 22, 2011 3:31 PM BST
bf fananatic..i have & had all this in place,I also had my computer guy check my system and we could find nothing untoward.
Report bf_fananatic August 22, 2011 3:43 PM BST
Have you entered your password into other softwares that use the betfair exchange as
I have heard some concerns that this information passed through other applications could go
astray possibility.

Has anyone used your account at anytime other than yourself?
Report bf_fananatic August 22, 2011 3:46 PM BST
sorry I meant to say anyone else with your permission used your account at anytime?
Report bf_fananatic August 22, 2011 3:49 PM BST
I cant see why extra security couldn't be used by designers to allocate that you only use accounts from
designated ip addresses as this is much more secure than having a roaming address on the internet
for logging on
Report misselephantstone August 22, 2011 3:58 PM BST
bf_fananatic ..I usually use gruss to enter betfair and have done so for about 4 years,I agree about the designated ip addresses however, whenever my wireless connection updates or resets I get a new address so not sure how this would affect this.
Report misselephantstone August 22, 2011 4:00 PM BST
and no...no one else has ever been allowed to use my account.
Report bf_fananatic August 22, 2011 4:16 PM BST
You can get staic ip addresses as used by all shops for things like banking machines and online
services, most home internet is dynamic address which does change frequently, if you get a
stic ip address you could ask betfair if they could only allow this address for you account, not sure
if thats possible but it could be worth looking into in your case.

I have a gruss account also as its so good an app and doubt there is any problem there as there
api approved and not on the beware list, i recently installed zoom bets on my smart phone but against advice from a reviewer who said beware of this product but everybody else said "wow what a cool app" so I couldn't resist trying it and its very good.

Changing your password frequently seems to be the best bet and after the dreadful experience you have been through which I feel sorry for you I will do the same in the future.
Report bf_fananatic August 22, 2011 4:17 PM BST
*static ip address* not staic,whoops
Report misselephantstone August 22, 2011 4:24 PM BST
going to e-mail them re static ip address,will post response.
Report Just Checking August 22, 2011 4:28 PM BST
As I posted on another thread which BCM2 may not be watching:
Betfair could:
Only allow access to betfair from a country or far better a single IP for anyone with a static IP, to enable another IP when you try to log on from one, you must enter a second level password, ideally via drop downs like banks do. Not difficult, massive increase in security. A variation of this would be to allow IPs that match a certain pattern, e.g. X.X.*.* so only the dynamic IPs from a users ISP could be allowed, which helps people without a static IP.

As you'd normally be on your own computer you'd never / or just very very rarely need really to enter the second level password to get access from a new IP, so any keylogger would really struggle get it. It's effectively self double locking - you never really enter that password and they can't do anything without the password. And any time it was activated perhaps it would send you an email, which could even have a third tier lock that you have to click a link to activate it, which is a very common thing that even noddy little sites do to activate you.

Another idea is to allow transfers to a secure internal bank for each account that again requires another second level password to access it (again using the drop down method to beat keyloggers), so you're only betting with amounts you intend to that day. When not actively betting, you just shift your money in there for piece of mind. An awful lot of online banks etc now do similar, one password to log on, another to enable "dangerous" stuff. Having a second internal safety account also protects users to some extent from themselves, as anything in there is safe from accidentally doing a stupid bet etc by misplacing a digit etc. Although this is secondary, it's still not a good thing.
Report Just Checking August 22, 2011 4:30 PM BST
Still not a BAD thing, a GOOD thing I meant to say. See, those clumsy typing mistakes do happen :)
Report hazel August 22, 2011 4:42 PM BST
Just Checking -those ideas are worth looking at.  I suspect betfair have been looking at such ideas.  Given that some clients may have 4, 5, 6 or even 7 figure balances you would expect security equivalent to that of a bank.  Currently Betfair fail to meet the high banking standards of security for logon.

Unfortunatley they seem happy with the situation, having posted in their customer commitment:

"Update - August 2011: We received PCI-DSS recertification as a Level 1 Payment Provider in June 2011. This is the highest level and is for merchants processing over 6 million card transactions annually. The PCI Security Standards Council offers robust and comprehensive standards to enhance payment card data security. The Data Security Standard (DSS) covers how Betfair prevents, detects and reacts to security incidents."
Report TheVis August 22, 2011 5:05 PM BST
I would urge everybody to at least check My Security on a regular basis.  I was shocked earlier in the year to find somebody had tried to access my account from Russia.

Fair play to BF who sorted me out a new account within the day but it was all a bit worrying nonetheless.

What about exclusions from Poker and even those sports we never bet on which can only be changed via a different password for example?

All suggestions about extra security are very welcome and should be taken seriously by BF as there are often threads similar to this appearing and I know of one person who lost money and never got it back.  No doubt the BF fraud dept will do what they can to get your funds back but essentially it is tough shyte if they can't do anything.
Report jt45 August 22, 2011 5:34 PM BST
The Vis & BCM2,

Suggestions (that I support):

(1) Drop down menu for password submission.
(2) Optional security token (such as a card reader type device).
(3) Optional IP address restrictions.

The suggestion for a security token was made, at least, as far back as February 2010 (see the relevant Forum Q&A). The response provided by the bf representative at that time was encouraging but I haven't seen any updates to indicate that much progress has been made in this area.

You can already self-exclude from poker, arcade, casino and games.
Report Just Checking August 22, 2011 5:43 PM BST
Just doing dropdown for the main password doesn't help any third party applications (which could already be doing that today if they wanted to). A second password(s) you rarely enter in effect means using betfairs web site to control 'advanced' stuff (IP security / internal secure bank / whatever) means those applications don't actually need changed, yet security can be enhanced within betfairs control whenever they want tommorow, and is still secure if your main password somehow gets nabbed by some hacked mobile phone application or whatever.
Report Eddie the eagle August 22, 2011 5:47 PM BST
It would be easy for Betfair to implement some kind of extra security, but I don't think they really care as they have said nothing on this issue the last couple of years.
  They even removed the option we had to restrict access from either countries/regions of our choice or anywhere else than your home country.
  As far as I know they didn't even bother giving us the reason for removing this option.
Report jt45 August 22, 2011 5:48 PM BST
Just Checking,

Your suggestion does provide greater security. However, using a drop down menu to submit a random selection of characters from your main password itself greatly reduces the probability of your entire password being nabbed and your account thus being hacked.
Report Just Checking August 22, 2011 5:52 PM BST
Oh I'm not against it JT45, what I'm saying is that alone only helps in one particular aspect, an aspect that they can directly control, and if someone can get it from a phone app or whatever means, if nothing else changes, you're just as goosed as you'd be today.
Report SHAPESHIFTER August 22, 2011 6:17 PM BST
A couple of observations:


- I'm not versed on how encryption works between a third party API (i.e. gruss) and betfair but some of the threads have mentioned they use something like that which would need your betfair account to log.

- I was in an internet cafe the other day because we were moving.  I had to move some money and went to use the bank site.  It became apparent that there was spyware (hard to describe but as I typed anything, it became lumbered and delayed.  When I left the bank site, it was fine) so I didn't log on.

- A friend of mine has told me to disable bluetooth on my phone since it takes a millisecond to put a virus in your phone.  In the states, they hang around at race tracks.

- It would also help if betfair allowed you to opt out of certain types of betting (i.e. poker) and you need to phone up to change this.  As well, if someone did try to use poker and the user had opted out, it would be an excellent flag for the security room to look a the account activity.

My advice - until betfair come up with a token system or drop down, come up with a new password as often as you can.
Report inner city sumo August 22, 2011 6:21 PM BST
Kaspersky comes with a virtual keyboard, useful for entering passwords.
Report Ghetto Joe August 22, 2011 6:22 PM BST
Shapeshifter you can already exclude yourself from poker just go to My Profile -> player protection and opt out  if you don't use it

View/edit player protection settings for:
    Arcade
Casino
Games
Poker Skill & Dice

Most of the fraud I've seen seems to be where the balance has been dumped via poker
Report MrHunt August 22, 2011 6:24 PM BST
i was on hols in portugal last sept..when i got home i seen sumone had tried to log on my acc from spain ..
Report hazel August 22, 2011 6:28 PM BST
ics i believe you may find reports on the internet that virtual keyboards are a security risk themselves.

entering the 4th, 1st and 9th digit of your password is used by many banks. but this is only one aspect of their improved security.

I have been banging on for years the weaknesses in their "forgot password " procedure.

Betfair have not improved their front line security for logon since I first bet here over 10 years ago.
Report misselephantstone August 22, 2011 6:28 PM BST
inner city sumo
Kaspersky comes with a virtual keyboard, useful for entering passwords.

Does this mean that a keylogger would not be able to recognise keys pressed?
Report inner city sumo August 22, 2011 6:34 PM BST
They're not perfect, but they are an upgrade on keystrokes alone, and any relatively little thing you can do to make it that little bit harder has to be worth doing.

The most sophisticated loggers can track information on the basis of screen image and movement, so in those circumstances you're screwed!
Report misselephantstone August 22, 2011 6:37 PM BST
betfairs response to my query re limiting ip address log ins
"
Thank you for your e-mail.

Please note that it is not possible to restrict access to your account from one IP address. As long as you are using an anti spyware and anti virus software on a regular basis and you also change your password on a regular basis, you should not experience any issues with your account."
Report hazel August 22, 2011 6:52 PM BST
"Please note that it is not possible to restrict access to your account from one IP address. As long as you are using an anti spyware and anti virus software on a regular basis and you also change your password on a regular basis, you should not experience any issues with your account."

That is a pretty poor response.  Banks expect you to have uptodate virus checker etc, but they do do their bit by making their sites as secure as possible by adding extra lines of security.  I would be very surprised if any bank today relied up mere username/password for security.
Report the silverback August 22, 2011 6:53 PM BST
There are online bookies who log you out and display a message if you log in for a second time even in another window from the same computer(SBO for one). I wonder if that is something which could be explored by betfair. It may help in a small way although I should think there are a lot of potential issues with it given the different ways people use the site.

I would also suggest anyone who doesn't play poker should self exclude themselves from poker as that is a possible way of these criminals transferring your funds. May as well do so for the other non exchange parts of the site too as I have heard of people being hacked and just having their cash burnt on the casino.

Which anti spyware do people recommend, I hear good things about superantispyware.
Report misselephantstone August 22, 2011 6:57 PM BST
when I was hacked I was told it was good news that I got most of my money back (apart from the £700) as ,and I quote "usually when this happens people get nothing back as the hackers maliciously gamble away the funds" that is scary!!
Report hazel August 22, 2011 7:02 PM BST
that is scary missel'

I think I am right in saying that banks have to prove you were at fault otherwise they have to take the loss, thats why they have good security features.  Whereas Betfair make the client take the loss.  Thats probably why they seem indifferent about improving the site security.
Report misselephantstone August 22, 2011 7:06 PM BST
you are right Hazel,the onus is on us and betfair accept no responsibility.
Report WPlay August 22, 2011 7:39 PM BST
The probable culprit is spy-ware as there are a lot of nasty apps that invest computers and
do a process known as key logging, this means every time you login to anything the app will
log your cookie history along with your key presses.

Please make sure you use a good anti-spy ware program along with anti-virus software
also use a firewall to prevent others from having access to your computer.


I have all these.. I don't have clue as to how this could have happened?
Helpdesk says the fraud team will get back with me rather shortly now..
Report Gerbs August 22, 2011 7:46 PM BST
inner city sumo     22 Aug 11 18:21 
Kaspersky comes with a virtual keyboard, useful for entering passwords.


im using kaspersky where do i find the virtual keyboard
Report misselephantstone August 22, 2011 7:49 PM BST
Wplay ..let us know how you get on,hopefully they will be able to recover most ,if not all ,of your funds..all the best.
Report Gerbs August 22, 2011 8:02 PM BST
inner city sumo

i found it have been using kaspersky for a year now and didnt know that was on there
will use it from now on
Report TheVis August 22, 2011 8:57 PM BST
thanks for the reminder about Poker exclusion in particular which I have now setup.
Report Trevh August 22, 2011 9:31 PM BST
With regard to Gruss (and other API software) apparently when the user looks at price graphs the account password is resubmitted, so if you look at a graph say once every 5 minutes your password is submitted every time.

How safe that is I don't know, but I'm wondering if it's a possible weak link in our security? Any software experts on the thread?

------------

I've suggested before that it might be simple to have a unique PIN texted to your mobile phone when you log on, paypal do this, but then I guess problems would arise every time you click on a price graph unless the constant password requirement could be altered.
Report DivideByZeroError August 22, 2011 11:07 PM BST
One tip is to enter the wrong password intentionally a couple of times.

I read this from an article writen by an ex-hacker.
Report TheInvestor2 August 22, 2011 11:39 PM BST
the silverback
Date Joined: 28 May 07
Add contact | Send message
When: 22 Aug 11 18:53
Joined:
Date Joined: 28 May 07
| Topic/replies: 2,328 | Blogger: the silverback's blog
There are online bookies who log you out and display a message if you log in for a second time even in another window from the same computer(SBO for one). I wonder if that is something which could be explored by betfair. It may help in a small way although I should think there are a lot of potential issues with it given the different ways people use the site.

I would also suggest anyone who doesn't play poker should self exclude themselves from poker as that is a possible way of these criminals transferring your funds. May as well do so for the other non exchange parts of the site too as I have heard of people being hacked and just having their cash burnt on the casino.

Which anti spyware do people recommend, I hear good things about superantispyware.


Yes, someone accessed my email account from Mexico once, and after getting an automatic message pop up in my email account, I was able to quickly change the password etc, as well as check that nothing was being forwarded etc.
Report TheInvestor2 August 22, 2011 11:40 PM BST
Please keep us posted WPlay. Veel geluk ermee.
Report WPlay August 23, 2011 10:25 AM BST
Thx, still under investigation.. Confused
Report TheVis August 24, 2011 11:13 AM BST
DivideByZeroError
22 Aug 11 23:07 Joined: 18 Jul 07 | Topic/replies: 12 | Blogger: DivideByZeroError's blog
One tip is to enter the wrong password intentionally a couple of times.

I read this from an article writen by an ex-hacker

Can you give a few more details on why this a benefit Divide?
Report DivideByZeroError August 24, 2011 3:29 PM BST
If you are infected with a keylogger then it might be easy for it to spot your login details from the pattern of keystrokes, for example if you always type a web address hit enter and then username, tab, password and enter.

Entering the incorrect password makes it harder for the keylogger to spot the pattern. Of course I'm sure that smarter systems could still spot the password amongst the keystrokes but at least it adds in a small way to the difficulty of spotting your password.

I searched for the original article but couldn't find it, sorry. The interviewee was applying the approach to credit card numbers - it must be easy to spot a sequence of 16 digits being typed in.

Thanks to WPlay for starting this thread - which is a bit of a wake up call. I hope that the cash is recovered.
Report TheInvestor2 August 24, 2011 3:53 PM BST
Betfair need to take this issue very seriously.
Report misselephantstone August 24, 2011 6:26 PM BST
Was hoping wplay had an answer by now...the problem with the contents discussed in this thread is it will be forgotten until someone else is affected...Every site I am a member of that involves large amounts of monies has far more security than betfair which seems to have the equivalent of lovefilm.com.One of the replies I received from customer services stated, that the problems must be with its users because betfair is unhackable..(do me a favour)
Report DivideByZeroError August 24, 2011 6:31 PM BST
Absolutely - this is a massive issue for the reputation of Betfair.

The everyday punter is not going to be happy depositing £50 on here after reading about hacked accounts.
Report misselephantstone August 24, 2011 6:35 PM BST
sorry ,I would just like to point out I have nothing against lovefilm.com and do not wish to be derogatory to them by associating their security on a par with betfairs.
Report Donnie Brasco August 24, 2011 7:49 PM BST
If this hasnt been mentioned it is good for protection against keyloggers and its free.

http://www.qfxsoftware.com/
Report Artisan August 24, 2011 7:54 PM BST
There are a number of ways that someone could get hold of account details.  The bit that concerns me are the number of people who hold your account details other than Betfair.

All of the third party API software providers need to know your account details.  MarketFeeder Pro and Fracsoft are two providers I use that know my account details so I can login.  I know these organisations are verified by Betfair, and I'm not suggesting they themselves are insecure.  However, the thought occurs to me occasionally, what happens if their security is compromised?  Or other less reputable providers are at large?

A while ago I discovered whilst digging around looking for violations that Welldone Soft, the writers of MarketFeeder Pro, were regularly (every few seconds or so) communicating with my PC.  I enquired what it was about and got the response that it is quite a normal part of using the API.  As I say, I'm not suggesting there is anything untoward, but it wouldn't be difficult for an unscrupulous provider to gather more information than is necessary.

I suspect, if I were so minded to get hold of someone's Betfair details, after considering spyware, I would concentrate on the weaker providers.  These guys certainly aren't set up like banks (many simply can't afford it, or understand it), and would probably provide the weak link in the chain.
Report ShaneESP August 24, 2011 8:05 PM BST
misselephantstone

WPlay has had an answer, he has the same thread with title same as this one on the football forum which has been updated (yesterday).

The thread is currently on the second page of the football forum, he basically got 60% of his money back.
Report misselephantstone August 24, 2011 8:20 PM BST
thankyou shaneesp, read it ,some good points on the thread as a whole,wplay says he checked his system with various spyware & virus scan but nothing at all has turned up,that is the worrying point for me.
Report Just Checking August 24, 2011 9:15 PM BST
I think a theory is that wplay might've had his phone hacked not computer, miss.

There was a thread a while ago linking to an article that discussed how the insecurity of phones is an elephant in the room right across any industry that requires security. Puts me off the idea of using one to be honest. It's all the same password of course so if they get it from a phone, they can use it from any computer and do what they want.

One thing to note is the way some browsers can store passwords : I NEVER do that for anything I care about, but I'd certainly recommend against it.
Report TELL DEL August 24, 2011 9:57 PM BST
^ That is a plausible explanation that he may have had his phone hacked and not computer. Especially if he has run a virus scan on his system and nothing has turned up. And as you say if they can get a password from a phone they can use it on a computer.

Anyone keeping a large bank on here, it is a concern that anyone could  be just a password and a click away from getting into your account.
Report Marxist-Leninist August 24, 2011 11:59 PM BST
Do Rupert Murdoch and Co have betfair accounts?! I think we should be told!
Report TheVis August 25, 2011 7:44 AM BST
Phones are definitely a concern.  I think getting a second account and just having a small bit of money in that for use if you are say using BF from your mobile for a few bets during a day at the races is probably a sensible thing to be doing.
Report the silverback August 25, 2011 11:33 AM BST
Are keylogging viruses just spread randomly? And once you're infected, how likely is it that a hacker will actually "keylog". Or is everything automatically keylogged and they just take a closer look when it seems there's something worth pursuing.

Any hackers out there care to share their thoughts.
Report Ghetto Joe September 4, 2011 11:40 PM BST
Service Interruption
Betfair Customer Services


It appears that the company who provide DNS services to betfair has been hacked.  This means that a malicious user has been able to point the name 'www.betfair.com'  to one of their own servers, presenting a splash page.  The Betfair site (infrastructure) itself is unaffected, but until we can correct this DNS issue at the network provider's side, some of our users will experience this redirection to the wrong page.  We are working with them on this issue.

There appear to be several other companies affected (Dell, UPS) - those who use the same DNS provider. We don't have any reason to believe that this attack is targeted specifically at betfair, or that there is any reason for betfair customers to fear for the safety of their data.  However, if you wish us to suspend your account temporarily at this time, we are able to do so.

We apologise for any inconvenience this may cause.



Whooopeee, any chance it'll make Betfair take security abit more seriously now someones redirected the whole site?

OK Betfair's security hasn't been breached but if the DNS had been directed to a false login page they'd probably be alot of people with empty accounts tomorrow. Things like using the selected letters of a memorable word like banks use would at least ensure it's a lot harder for people to access accounts if passwords are snatched by DNS redirection or phishing sites/emails etc
Report DonNo1 September 5, 2011 12:20 AM BST
- BF told me that the country restriction is still in place but you have to phone up and request it, no sure of the point of that

- I suggested you should be able to lock funds in your account with a separate password to your login but they brushed that off
Report hazel September 5, 2011 12:29 AM BST
Yes - come on Betfair - sort out the security improvements you promised us last year. It can't take that long to do it.

e.g. as per Ghetto, at least try to be a little more secure like your average bank and -

"Things like using the selected letters of a memorable word like banks use would at least ensure it's a lot harder for people to access accounts if passwords are snatched by DNS redirection or phishing sites/emails etc"
Report Live Forever September 5, 2011 12:29 AM BST
From a layman's point of view, surely it is not much more of a leap from someone obtaining passwords for accounts (through key loggers or whatever) and the same person taking the extra step of obtaining a 3 digit card security code and being able to basically deposit any amount they want into the account?

I appreciate I have little expertise in this area so could be talking $hite, but that would be horrendous (not that the above scenario is in any way good)
Report the silverback September 5, 2011 12:42 AM BST
Quite basic, but a separate password for banking transactions would surely substantially reduce the likelihood of fraud simply because a password used less frequently has less chances to be logged?? Or is that too simple.
Report Cardinal Scott September 5, 2011 12:45 AM BST
Reading this thread ***Upset My Equilibrium*** to think they may be Russians in Romania and Romanians in Reyjakavic trying to hack Betfair accounts, just spent about an hour researching how to construct a very complicated password.
Report avi315 September 5, 2011 7:14 AM BST
Easy. Grab someone's data is very easy. Many people are asking for trouble just by downloading suspicious "Toys".

Really, very easy. Only what comes next? Lets just say I have someone's login and password but whatever I`ll do with the money - I'm easy to track down. So whats the point? Stealing money is hard job too.
Report Mr.Anderson September 5, 2011 10:12 AM BST
Why can I get a security token for battle.net, to protect my virtual gold in games such as World of Warcraft and Diablo, but not for Betfair to protect my real money? It doesn't seem right.

Extra security could be annoying for some customers, but you don't have to offer the same level of security to all accounts, do you?

Please offer some optional extra security at least for customers who keep funds above some appropriate threshold. Many of those customers would welcome the hassle associated with extra security I'm sure.

If customers felt more confident in your security you might even gain a bit more interest from increased client funds, and a bit less costs associated with money transactions. And if you feel like you have to you could charge for the security token.
Report eddie falcon September 5, 2011 11:17 AM BST
DonNo1 Joined: 11 Nov 10
Replies: 1194 05 Sep 11 00:20   
- BF told me that the country restriction is still in place but you have to phone up and request it, no sure of the point of that

- I suggested you should be able to lock funds in your account with a separate password to your login but they brushed that off
 

I just phoned up and was told that the country restriction option is not available any more, due to the fact that your ISP could route your traffic abroad in certain circumstances and this used to cause Betfair problems when the country restriction option was available
Report Ghetto Joe September 5, 2011 12:33 PM BST
Quite agree Mr Anderson, plenty of kids games have more than one level of protection for their virtual cash, with Betfair the onus is on us to protect our accounts despite the fact they provide us with few real options to protect it.

Your security's only ever going to be secure as the weakest link and DNS redirections /phishing sites have been around for long enough for most companies to actively monitor changes. Imagine a bank being redirected they'd have had the site locked down as soon as it was discovered and contacted clients to inform them, with betfair it's business as usual and a message on a few sections of the forum that'll be gone in a day or two.

I can understand some of their reluctance to increase security due to making the site too complicated,lost passwords etc but considering the balances people hold on here, compared to normal bookies sites, optional security settings should really be offered to those who wish to use it.
Report DonNo1 September 5, 2011 2:41 PM BST
Ok eddie, what they told me was 'The country restriction feature associated with customer accounts is only available to be amended by Betfair staff.' so I interpreted that as you could phone up and alter it but seemingly not then.

Is it still the case you can deposit entering a wrong security code, I remember years back someone making a thread about how he entered the wrong card code and the deposit when through...
Report bwtw September 5, 2011 2:47 PM BST
For those hoping that the recent hack would spring Betfair into action about security, they apparently are 'not reviewing security measures on the website.'
Report Mr.Anderson October 5, 2011 8:17 AM BST
bump for improved login security!
Report paulme October 6, 2011 7:58 PM BST
Shocked
Post Your Reply
<CTRL+Enter> to submit
Please login to post a reply.

Wonder

Instance ID: 13539
www.betfair.com